According to a report from AdaptiveMobile, a new variant of Android-targeting ransomware has been spotted. The malware carries the name Koler and resembles other ransomware we’ve seen before, with one key difference: this one spreads via SMS messages.
Here is the process:
- You get a text message from a friend you know well saying: “someone made a profile named -your name- and he uploaded some of your photos! is that you? http://bit.ly/xxxxx”
- Of course, you start wondering why someone would make a profile with your photos, and you click on the link; after all, the message came from a friend you know well
- You’re taken to a Dropbox page where you can download “IMG_7821.apk”, disguised as a PhotoViewer app needed to view your photos (this is an APK file with the malware)
- You install it, and soon after, your screen is locked, with a picture of Obama and various agency logos telling you you’re “accused of viewing and storing of forbidden child pornography and zoophilia”
- You are now offered the option of “waiving the charges” by getting a MoneyPak and sending the redemption code to the attacker to unlock the phone.
While the above is happening, there’s another process that takes place in the background: the ransomware sends text messages to all your contacts and the whole process repeats for your friends.
The bit.ly statistics suggest that the malware is spreading rapidly.
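The self-propagation described above leaves a recognisable trace in an SMS log. The following is an added example, not code from the report or from this article: it flags senders that push shortener links to many distinct recipients in a short window, and it recognises an APK named like a camera photo. The phone numbers, the `dropbox.example` host, the thresholds and the filename prefixes are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

SHORTENERS = {"bit.ly"}  # host named in the article; extend locally (assumption)
URL_RE = re.compile(r"https?://\S+", re.I)
MEDIA_APK_RE = re.compile(r"^(img|dsc|photo|pic)[_-]?\d+\.apk$", re.I)  # assumed prefixes

def short_links(body):
    """Return the shortener URLs found in an SMS body."""
    return [u for u in URL_RE.findall(body)
            if (urlparse(u).hostname or "").lower() in SHORTENERS]

def disguised_apk(url):
    """True if the URL path ends in an .apk named like a camera photo."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return bool(MEDIA_APK_RE.match(name))

def fanout_senders(log, min_recipients=3, window=300):
    """Senders with shortener links to many recipients inside `window` seconds."""
    events = defaultdict(list)
    for ts, sender, recipient, body in log:
        if short_links(body):
            events[sender].append((ts, recipient))
    flagged = set()
    for sender, sent in events.items():
        sent.sort()
        start = 0
        for end in range(len(sent)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while sent[end][0] - sent[start][0] > window:
                start += 1
            if len({r for _, r in sent[start:end + 1]}) >= min_recipients:
                flagged.add(sender)
                break
    return sorted(flagged)

# Constructed sample log: (unix_ts, sender, recipient, body)
LURE = ("someone made a profile named {} and he uploaded some of your "
        "photos! is that you? http://bit.ly/xxxxx")
SAMPLE_LOG = [
    (1000, "+15550001", "+15550002", LURE.format("Ann")),
    (1004, "+15550001", "+15550003", LURE.format("Bob")),
    (1009, "+15550001", "+15550004", LURE.format("Cy")),
    (1500, "+15550009", "+15550002", "running late, see you at 7"),
    (2000, "+15550008", "+15550002", "map: http://bit.ly/xxxxx"),
]
if __name__ == "__main__":
    print(fanout_senders(SAMPLE_LOG))
```

A single shortener link to one recipient is not flagged; only the burst to several contacts is.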
If you fall victim to this attack, don’t panic, and definitely do not pay the ransom, as you’re not guaranteed to have your phone unlocked. Try:
- Doing a master reset via the recovery menu available on all Android devices before the phone boots (ask a professional for help if you cannot find it in the manual)
- Manually uninstalling the APK via the Android SDK (for advanced users only – try searching the XDA Developers forums for help)